Cisco released security updates for a critical Unified Communications Manager flaw, CVE-2026-20230, that lets unauthenticated attackers gain root privileges via SSRF. The vulnerability can be exploited remotely with low complexity: an attacker sends crafted HTTP requests that write files to the operating system. Proof-of-concept exploit code is public, though Cisco has not observed active attacks. The CVSS base score is 8.6, but Cisco rated the advisory Critical because of the potential for escalation to root.
Tracked by ByteBrief